The U.S. is disrupting the Iranian regime’s state-sponsored hacking campaign that has targeted dozens of countries worldwide as well as human rights activists and others within Iran.
The U.S. Department of the Treasury has sanctioned more than 40 people and the Rana Intelligence Computing Company, a front company, assisting Iran’s Ministry of Intelligence and Security in hacking hundreds of people and entities in more than 30 countries, including some in the Middle East and North Africa.
“The Islamic Republic of Iran is one of the world’s leading threats to cybersecurity and human rights online,” Secretary of State Michael R. Pompeo said in a September 17 statement. “We will continue to expose Iran’s nefarious behavior and impose costs on the regime until they turn away from their destabilizing agenda.”
To prevent future attacks, the FBI has released detailed instructions for detecting eight sets of malware that the Iranian ministry and Rana used for hacking. The FBI says the hackers, also known as Advanced Persistent Threat 39, used the malware to target the government networks of Iran’s neighboring countries and to monitor Iranian citizens.
The U.S. Treasury Department says Iran’s regime, through Rana, conducted a yearslong malware campaign that targeted Iranian dissidents and journalists as well as foreign governments and international companies. The sanctioned individuals worked for Rana.
Rana conducted cyberattacks against anyone the regime’s security ministry considered a threat, targeting Iranian dissidents, journalists, students and human rights activists.
Iran’s intelligence ministry used the data to arrest and intimidate Iranian citizens.
“The Iranian regime uses its intelligence ministry as a tool to target innocent civilians and companies, and advance its destabilizing agenda around the world,” Treasury Secretary Steven T. Mnuchin said in a September 17 statement.
The U.S. Department of Justice has charged two Iranian nationals in connection with cybercrimes. The hacking was sometimes conducted on the regime’s behalf and other times for profit.
Prosecutors say Hooman Heidarian, 30, and Mehdi Farhadi, 34, both of Hamadan, Iran, targeted entities in the United States, Europe and the Middle East, stealing national security, aerospace and military information, as well as personal financial data and unpublished scientific research.
“These Iranian nationals allegedly conducted a wide-ranging campaign on computers here in New Jersey and around the world,” said Craig Carpenito, U.S. Attorney for the District of New Jersey. “They brazenly infiltrated computer systems and targeted intellectual property and often sought to intimidate perceived enemies of Iran, including dissidents fighting for human rights in Iran and around the world.”